A US cyber-security expert has exposed gaping security flaws in Pennsylvania's electronic voting system.
In a boost to President Donald Trump's ongoing challenge to election results in several states, Large Systems Technical Analyst Ron Watkins revealed that electronically-tallied votes and possibly security keys are carried on simple USB flash drives - several of which were stolen over a month before the November 3 election.
He told One America News' Chanel Rion he had pored through the Dominion Voting Systems technical manual and public request documents from Pennsylvania Secretary of State Kathy Boockvar "with the mindset of a penetration tester, of which I am," and was "trying to figure out which parts of the system could be abused by end users."
He identified the physical security of the device and administrative access as key vulnerabilities of the system. Another was that voting totals are transferred from tabulation machines to senior election officials on USB flash drives - which he believed were easy to tamper with.
"You have the issue of the person who is inside the tabulation machine, which is just a normal Windows 10 computer, are they manipulating the votes before they go to the flash drive?" he asked. "Then you have the next issue, which is now the votes are on the flash drive, how does that flash drive get to the county commissioner or whoever is assigned to accept the flash drive? Is the same flash drive being sent over?"
Watkins also pointed out that county-level officials could tamper with the results before reporting them to the state level.
A reported 'glitch' in Dominion voting machines in Michigan's rural Antrim county transferred 6,000 votes cast for Trump to Democratic candidate Joe Biden before it was spotted. Trump eventually won by some 2,500 votes in that county. Dominion has denied its machines were the cause of the issue, claiming it was a "user error" - effectively admitting an official could alter the result.
Another issue raised by Watkins was the digital cryptographic keys to access data on the voting machines, which could be contactless RFID fobs or USB devices.
"If you lose this physical key, you lose absolute security of the entire precinct," Watkins warned. "So, for example, if Philadelphia was storing these keys in a warehouse, and they were robbed, and the only thing stolen were these keys and a laptop, then you should consider their entire election illegitimate because they have lost the physical security of the system, which is the most important part of information security."
Watkins was referring to an actual incident confirmed by the Philadelphia City Commissioner’s office on September 30, where a staff laptop and encrypted flash drives were taken from an election machine warehouse in the East Falls district. Police were investigating.
Election Systems & Software, the manufacturer of the machines stored at the warehouse, insisted that the flash drives “contain multiple levels of security” and that the laptop was “not used to program the election or interact with USBs used in elections.”
But Philadelphia was the city where more than 600,000 postal ballots, which Republican Party election observers said they were prevented from scrutinising, turned an overwhelming lead for Trump in Pennsylvania to a narrow win for Biden.